Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Create Custom Role

sandroh
Champ in-the-making
Champ in-the-making

‎07-20-2008 05:05 PM

Where can take a documetation for study the exist permissions groups???
Labels:
0 Kudos
14 REPLIES 14

jithin
Champ in-the-making
Champ in-the-making
In response to zaizi

‎04-04-2016 06:12 AM

Thanks zaizi for your valuable suggstns

I want to create a custom role where that role doesnt have any download options
Can you please help?
0 Kudos

gravitonian
Star Collaborator
Star Collaborator
In response to jithin

‎04-06-2016 08:37 AM

Have a look at this documentation: http://docs.alfresco.com/5.1/references/dev-extension-points-permissions.html
0 Kudos

sandroh
Champ in-the-making
Champ in-the-making

‎07-21-2008 12:09 PM

On the wiki at http://wiki.alfresco.com/wiki/Permissions_and_Roles_Configuration#Default_Permissions


Thanks Zaizi for this link, But my problem now is other. Create new custom rule.

ex:Contributor permissions
Start Discussion, create only content, delete only content, no permissions for copy content.

Editor permissions
Invite user for space.

You know where make this custom permissions, because in default_permissions, no exist… Where can create a new type rule, for add in my  custom rule???
0 Kudos

zaizi
Champ in-the-making
Champ in-the-making

‎07-21-2008 02:07 PM

The file you need to look at is your_install_dir/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml or <JBOSS_HOME>/server/default/tmp/deploy/tmp*alfresco-exp.war/WEB-INF/classes/alfresco/model/permissionDefinitions.xml.

The following snippet from the file shows the default roles.You can use it to create your custom role. 

   <permissionSet type="cm:cmobject" expose="selected">
      
      <!– Kept for backward compatibility - the administrator permission has   –>
      <!– been removed to aviod confusion –> 
      <permissionGroup name="Administrator" allowFullControl="true" expose="false" />
      
      <!– A coordinator can do anything to the object or its childeren unless the     –>
      <!– permissions are set not to inherit or permission is denied.                 –>
      <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
      
      <!– A collaborator can do anything that an editor and a contributor can do –>
      <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>
      
      <!– A contributor can create content and then they have full permission on what –>
      <!– they have created - via the permissions assigned to the owner.              –>
      <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
          <!– Contributor is a consumer who can add content, and then can modify via the –>
          <!– owner permissions.                                                      –>
          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
          <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>
      
      <!– An editor can read and write to the object; they can not create    –>
      <!– new nodes. They can check out content into a space to which they have       –>
      <!– create permission.                                                          –>
      <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
          <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
      </permissionGroup>
      
      <!– The Consumer permission allows read to everything by default.                  –>
      <permissionGroup name="Consumer" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>
      
      <permissionGroup name="Pending" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>
      
      <!– records permission –>
      <!– Should be tied to the aspect –>
      <!– onwership should be removed when using this permission –> 
      <permissionGroup name="RecordAdministrator" allowFullControl="false" expose="false">
          <includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
      </permissionGroup>
       
   </permissionSet>
0 Kudos

sandroh
Champ in-the-making
Champ in-the-making

‎07-21-2008 02:44 PM

The file you need to look at is your_install_dir/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model/permissionDefinitions.xml or <JBOSS_HOME>/server/default/tmp/deploy/tmp*alfresco-exp.war/WEB-INF/classes/alfresco/model/permissionDefinitions.xml.

The following snippet from the file shows the default roles.You can use it to create your custom role. 

   <permissionSet type="cm:cmobject" expose="selected">
      
      <!– Kept for backward compatibility - the administrator permission has   –>
      <!– been removed to aviod confusion –> 
      <permissionGroup name="Administrator" allowFullControl="true" expose="false" />
      
      <!– A coordinator can do anything to the object or its childeren unless the     –>
      <!– permissions are set not to inherit or permission is denied.                 –>
      <permissionGroup name="Coordinator" allowFullControl="true" expose="true" />
      
      <!– A collaborator can do anything that an editor and a contributor can do –>
      <permissionGroup name="Collaborator" allowFullControl="false" expose="true">
         <includePermissionGroup permissionGroup="Editor" type="cm:cmobject" />
         <includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
      </permissionGroup>
      
      <!– A contributor can create content and then they have full permission on what –>
      <!– they have created - via the permissions assigned to the owner.              –>
      <permissionGroup name="Contributor" allowFullControl="false" expose="true" >
          <!– Contributor is a consumer who can add content, and then can modify via the –>
          <!– owner permissions.                                                      –>
          <includePermissionGroup permissionGroup="Consumer" type="cm:cmobject"/>
          <includePermissionGroup permissionGroup="AddChildren" type="sys:base"/>
          <includePermissionGroup permissionGroup="ReadPermissions" type="sys:base" />
      </permissionGroup>
      
      <!– An editor can read and write to the object; they can not create    –>
      <!– new nodes. They can check out content into a space to which they have       –>
      <!– create permission.                                                          –>
      <permissionGroup name="Editor"  expose="true" allowFullControl="false" >
          <includePermissionGroup type="cm:cmobject" permissionGroup="Consumer"/>
          <includePermissionGroup type="sys:base" permissionGroup="Write"/>
          <includePermissionGroup type="cm:lockable" permissionGroup="CheckOut"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadPermissions"/>
      </permissionGroup>
      
      <!– The Consumer permission allows read to everything by default.                  –>
      <permissionGroup name="Consumer" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>
      
      <permissionGroup name="Pending" allowFullControl="false" expose="true" >
          <includePermissionGroup permissionGroup="Read" type="sys:base" />
      </permissionGroup>
      
      <!– records permission –>
      <!– Should be tied to the aspect –>
      <!– onwership should be removed when using this permission –> 
      <permissionGroup name="RecordAdministrator" allowFullControl="false" expose="false">
          <includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="WriteProperties"/>
          <includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="LinkChildren"/>
          <includePermissionGroup type="sys:base" permissionGroup="DeleteAssociations"/>
          <includePermissionGroup type="sys:base" permissionGroup="CreateAssociations"/>
      </permissionGroup>
       
   </permissionSet>

Ok, i'm editing this file, but the rule for create only content(no create folder and content), start discussion, invited user, i don't provide. Where find this rule.

I find in this link, but i don't find.
I need make, or customize any file for create this rule, or these rule exist???
0 Kudos

ginny_a
Champ in-the-making
Champ in-the-making

‎09-03-2008 04:57 AM

hi sandroh,
Did you get any clue about creating a new role which can only add content? I don't want my custom role to create new folders.
I need a little help please…
0 Kudos

sandroh
Champ in-the-making
Champ in-the-making

‎02-13-2009 07:18 AM

I did not have additional tips, but I believe that is possible. Sorry for delay replying, been busy on some other projects.
I believe that is possible but will require a customization of greater complexity. Our profile createChildrens (create folders and contents), what we would like createFolder, these rules are actually called the set of commands that access apiAlfresco. But not only this custom xml files.
0 Kudos

jenn_l
Champ on-the-rise
Champ on-the-rise

‎05-22-2009 12:46 PM

Hoi all,

I have a situation where a user want to add content <via business rule> but he can't see that space. I get 'Access Denied". I want to add a new role in order to add content even when the folder is not visible.  I've found this site http://www.packtpub.com/article/roles-in-alfresco that look like my case. I've tried this but it will not work. I am working with 3.0
Can anyone help me out with this, please?
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC